Setting and Displaying ACLs on ZFS Files in Compact Format

You can set and display permissions on ZFS files in a compact
format that uses 14 unique letters to represent the permissions. The letters
that represent the compact permissions are listed in Table 8-2 and Table 8-3.

You can display compact ACL listings for files and directories by using the
ls -V command. For example:

owner@

The owner can read and modify the contents of the file (rw=read_data/write_data, p=append_data). The owner can also modify the file's attributes such as timestamps, extended attributes, and ACLs (a=read_attributes, A=write_xattr, R=read_xattr, W=write_attributes, c=read_acl, C=write_acl). In addition, the owner can modify the ownership of the file (o=write_owner).

The synchronize access permission is not currently implemented.

group@

The group is granted read permissions to the file (r=read_data) and the file's attributes (a=read_attributes, R=read_xattr, c=read_acl).

The synchronize access permission is not currently implemented.

everyone@

Everyone who is not user or group is granted read permissions to the file and the file's attributes (r=read_data, a=append_data, R=read_xattr, c=read_acl, and s=synchronize).

You can also cut and paste permissions and inheritance flags from the
ls -V output into the compact chmod format. For example, to duplicate the
permissions and inheritance flags on dir.2 for user gozer to user cindys
on dir.2, copy and paste the permission and inheritance flags (rwx-----------:f-----:allow) into
your chmod command. For example:

Example 8-12 ACL Inheritance With ACL Inherit Mode Set to Pass Through

A file system that has the aclinherit property set to passthrough inherits all
inheritable ACL entries without any modifications made to the ACL entries when they
are inherited. When this property is set to passthrough, files are
created with a permission mode that is determined by the inheritable ACEs. If
no inheritable ACEs exist that affect the permission mode, then the permission mode
is set in accordance with the requested mode from the application.

The following examples use compact ACL syntax to show how to inherit permission
bits by setting aclinherit mode to passthrough.

In this example, an ACL is set on test1.dir to force inheritance. The
syntax creates an owner@, group@, and everyone@ ACL entry for newly created files.
Newly created directories inherit an owner@, group@, and everyone@ ACL entry.

The fd---- entries are for propagating inheritance and are not considered during access
control. In this example, a file is created with a trivial ACL in
another directory where inherited ACEs are not present.

When aclinherit=passthrough-x is enabled, files are created with the execute (x) permission for
owner@, group@, or everyone@, but only if execute permission is set in the
file creation mode and in an inheritable ACE that affects the mode.
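
The difference between passthrough and passthrough-x described above can be modelled in a few lines. The following Python code is an added example, not part of the original guide or of ZFS; the function name inherited_file_mode, the sample directory ACL, and the restriction to allow entries for owner@, group@, and everyone@ are assumptions made for illustration.

```python
# Added illustration, not Oracle code: simplified model of the mode a new
# file receives under aclinherit=passthrough versus passthrough-x.
# Assumptions: only allow ACEs are modelled, and the directory either has
# file-inheritable entries for owner@, group@ and everyone@ or has none.
SHIFT = {"owner@": 6, "group@": 3, "everyone@": 0}
BIT = {"r": 0o4, "w": 0o2, "x": 0o1}

# Constructed sample: compact ACEs as printed by ls -V for a directory.
DIR_ACL = [
    "owner@:rwxpdDaARWcCos:fd----:allow",
    "group@:rwxp----------:fd----:allow",
    "everyone@:--------------:fd----:allow",
]


def inherited_file_mode(dir_acl, requested_mode, aclinherit):
    """Return the permission mode of a file created under dir_acl."""
    mode, affects_mode = 0, False
    for ace in dir_acl:
        # rsplit keeps 'user:name' together in the first field.
        who, perms, flags, kind = ace.strip().rsplit(":", 3)
        # Only file-inheritable (f) allow ACEs for the three special
        # identities feed the mode of a newly created file.
        if kind != "allow" or "f" not in flags or who not in SHIFT:
            continue
        affects_mode = True
        for letter in perms:
            mode |= BIT.get(letter, 0) << SHIFT[who]
    if not affects_mode:
        return requested_mode  # no inheritable ACE: the requested mode applies
    if aclinherit == "passthrough-x":
        # Drop every execute bit the creating application did not request.
        mode &= ~(0o111 & ~requested_mode)
    return mode


if __name__ == "__main__":
    for setting in ("passthrough", "passthrough-x"):
        for requested in (0o666, 0o777):
            result = inherited_file_mode(DIR_ACL, requested, setting)
            print(f"{setting:14} requested={requested:04o} -> {result:04o}")
```

In this model a file requested with mode 0666 becomes 0770 under passthrough because the inheritable ACEs carry x, while passthrough-x yields 0660 for the same request.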

The following example shows how to inherit the execute permission by setting aclinherit
mode to passthrough-x.

# zfs set aclinherit=passthrough-x tank/cindys

The following ACL is set on /tank/cindys/test1.dir to provide executable ACL inheritance for
files for owner@.